Check Point CloudGuard Connect
Configuration > Cloud Services > Check Point CloudGuard Connect
Check Point CloudGuard Connect provides network and cloud security with policies defined within Orchestrator overlays. The Check Point CloudGuard Connect tab has the following fields.
Field | Description |
---|---|
Subscription | Name of the appliance you want to connect with Check Point. |
Interface Labels | Name of the interfaces you want to connect with Check Point. |
Tunnel Settings | Defines the tunnels associated with Orchestrator and Check Point. |
LAN Subnets | Subnets configured on the LAN side associated with Check Point. |
Before you begin to configure Check Point CloudGuard Connect, you need to create a Check Point account. Visit the following link to make an account: https://portal.checkpoint.com.
After you create an account, you will need to create an API Key.
Subscription
- After you complete the steps in the above URL to create your Check Point account, navigate to the Check Point CloudGuard Connect tab in Orchestrator.
- Select the Subscription tab to get started with Check Point.
- Enter your Client ID and the Secret Key you received when you created your Check Point account.
- Select Save after you finish entering the information in the table below. The Connection Status should appear at the top of the Subscription window.
Interface Labels
- Select the Interface Labels tab. The Build Tunnels Using These Interfaces opens.
- Drag the interface labels you want to use into the Preferred Interface Label Order column.
- Select Save.
Tunnel Settings
The Tunnel Settings tab helps you define the tunnels associated with Check Point and EdgeConnect. Use the Check Point default values for the General, IKE, and IPSec tunnel settings.
NOTE: You can also configure specific General, IKE, and IPSec tunnel settings. The settings are automatically generated; however, you can make modifications if you choose to do so. To go back to the default settings, select Use Default on any of the tunnel windows.
LAN Subnets
You can select the LAN subnets for a given appliance to associate with your Check Point integration. By default, LAN subnets are configured on the Deployment tab. You can also add, import a CSV file, or export a CSV file of the configured subnets.
Enabling Check Point CloudGuard Connect
When you have completed configuration, you need to enable the Check Point service.
- Navigate to the Business Intent Overlay tab in Orchestrator.
- Go to Breakout Traffic to Internet & Cloud Services.
- Select the overlay that breaks out traffic to Check Point.
- Drag Check Point CloudGuard Connect from the Available Policies column to the Preferred Policy Order column.
Verification
Navigate to the Check Point CloudGuard Connect tab in Orchestrator to verify successful deployment under Site Status. You can also verify successful deployment on the Tunnels tab.
Import and Export Subnets
Import enables you to import a Comma Separated Values (CSV) file into a pair of appliances used in Orchestrator. Before you import, you must remove the header row and save the files on your computer. Complete the following steps to begin your import.
- Select Choose File.
- Locate the file you want to import on your desktop.
- Select Open.
- Select Import.

Orchestrator generates the CSV file. The following table represents the fields in the exported CSV file.

Appliance | Configured Subnets |
---|---|
<Appliance Hostname> | <Configured subnets IP addresses> |

NOTE: The titles and double quotes should be removed from your file before importing.
CAUTION: This import overwrites previously configured imports.
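
Because the import overwrites what was configured before, it helps to clean and check the file first; the following added example (not part of the Orchestrator documentation or product) strips the title row and double quotes and reports malformed or duplicate rows. It assumes each data row is `hostname,subnet` with the subnet in CIDR notation; `prepare_import`, the hostnames and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of an exported file: title row plus double-quoted fields.
SAMPLE_EXPORT = '''"Appliance","Configured Subnets"
"branch-ec-01","10.10.1.0/24"
"branch-ec-01","10.10.2.0/24"
"branch-ec-02","10.20.0.5/16"
"branch-ec-02","not-a-subnet"
"branch-ec-01","10.10.1.0/24"
'''
HEADER = ("appliance", "configured subnets")


def prepare_import(exported_text):
    """Return (import_ready_csv, problems) for an exported subnet CSV."""
    rows, problems, seen = [], [], set()
    reader = csv.reader(io.StringIO(exported_text))  # parsing drops the quotes
    for lineno, fields in enumerate(reader, start=1):
        fields = [f.strip() for f in fields]
        if not any(fields) or tuple(f.lower() for f in fields) == HEADER:
            continue  # skip blank lines and the title row
        if len(fields) != 2 or not fields[0] or set(fields[0]) & set(',"\r\n'):
            problems.append(f"line {lineno}: expected hostname,subnet")
            continue
        host, raw = fields
        try:
            # strict=True rejects entries with host bits set, e.g. 10.20.0.5/16
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            problems.append(f"line {lineno}: {raw!r} rejected ({exc})")
            continue
        if (host, net) in seen:
            problems.append(f"line {lineno}: duplicate {host} {net}")
            continue
        seen.add((host, net))
        rows.append((host, str(net)))
    out = io.StringIO()
    # QUOTE_NONE: nothing is quoted on the way out (fields hold no , or ")
    csv.writer(out, quoting=csv.QUOTE_NONE, lineterminator="\n").writerows(rows)
    return out.getvalue(), problems


if __name__ == "__main__":
    text, issues = prepare_import(SAMPLE_EXPORT)
    print(text + "\n".join("WARN " + i for i in issues))
```

Rows listed in `problems` are left out of the output, so review them before importing rather than uploading a file that silently omits subnets.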